Threat Intelligence / CVE / CVE-2026-20126

CVE-2026-20126

CVSS 8.8 (HIGH) · EPSS 0.0% · Published 2026-02-25

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-648

Threats tracking this CVE

CVE-2026-20127: Critical Cisco Catalyst SD-WAN Authentication Bypass Exploited by UAT-8616 Since 2023 (CVSS 10.0) — CRITICAL

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v

Full detection coverage & IOCs for threats exploiting CVE-2026-20126 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence